Responsibilities

• Coordinate with the reporting entity to acquire a comprehensive understanding of the occurrence and its specifics.
• Follow existing SOPs, policies, and other procedures for escalation, notification, and reporting to the Federal Leadership.
• Lead or actively participate in client security-related meetings and conversations.
• Document and report every event according to Federal and departmental policy.
• Serve as essential personnel for Incident Management; provide incident response event coordination, task assignment, and process direction.
• Monitor and analyze security event notifications received via the SIEM and other security technologies.
• Perform triage at Level 2 for incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage, or appropriate routing of security or privacy data request).
• Manage assigned investigations to ensure they are actively being worked on, and support Tier 1 analysts as needed in resolving investigations.

Requirements

- A  Bachelor’s degree, preferably in Computer Science, Engineering, Information  Technology, or Cybersecurity with 1+ years of applicable experience,

- MUST possess one of the following certificates: an ACTIVE CASP+  (CompTIA), CISSP (ISC2), OR GCIH (SANS).

- Knowledge of enterprise network infrastructure, application, and security tools (firewalls,  Antivirus, HIDS, IDS/IPS, proxy, WAF), Windows, and Unix/Linux system  operations.

- Experience with SIEM monitoring and analysis, network traffic and log analysis, prioritizing and distinguishing potential intrusion attempts from false alarms.

- Experience with Endpoint security products such as Windows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools.

- General familiarity with cyberattack frameworks (MITRE ATT&CK and  Lockheed Cyber Kill Chain).

- Solid understanding of the application, authentication, network security  principles, and approaches for hardening the operating system.

- Knowledge of Computer Network Defense (CND) methods, rules, and regulations.